htaccess securing ftp upload folder
Posted: Wed May 11, 2005 8:55 pm
Hello there,
I'm running into an interesting security issue, and I feel like I may be trying to shoot myself in the foot.
I want users to have FTP access to their own private folder, using an FTP client (i.e., a web-based client won't work because external programs have to be able to upload XML files).
Of course, all they would need would be a PHP file including the config file and dumping the database to ruin pretty much everything. So my question is, while I can't do anything about what filetypes are uploaded through whichever FTP program they choose, if I deny from all (via .htaccess) all files which don't match a regex (jpg, jpeg, gif, xml), there would be no way for them to execute the potentially harmful (PHP, mainly) files, correct?
- Monkey
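
The rule the post describes, written out as an added example (not part of the original post) in Apache 2.2-style access control. The path `/srv/ftp-uploads` and the `mod_php5.c` module name are placeholders assumed here; the block is placed in the server or vhost config rather than in a .htaccess inside the upload folder, because a .htaccess file in a folder users can write to over FTP can be overwritten by those same users.

```apache
# Added example, not from the original post.
# /srv/ftp-uploads is a placeholder for the parent of the users' FTP folders.
<Directory "/srv/ftp-uploads">
    # Ignore every .htaccess found in this tree, including uploaded ones.
    AllowOverride None

    # No CGI execution, no server-side includes, no directory listings.
    Options None

    # Default for everything in the tree: refuse the request.
    Order Deny,Allow
    Deny from all

    # Serve only file names that end in an allowlisted extension.
    # The pattern is anchored with $ so the match is on the final extension.
    <FilesMatch "\.(jpe?g|gif|xml)$">
        Order Allow,Deny
        Allow from all
    </FilesMatch>

    # Assumption: PHP runs as an Apache module. The module identifier
    # (mod_php5.c here) depends on the installed PHP version.
    # Turns the PHP interpreter off for this tree regardless of file name.
    <IfModule mod_php5.c>
        php_admin_flag engine off
    </IfModule>
</Directory>
```

The access rules only control what Apache will serve from the upload tree over HTTP; what FTP users can read or write on disk is governed by the FTP server's chroot and file permissions.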